Welcome to today’s Daily OT Security News briefing. Today’s updates highlight critical developments in operational technology security, including major vulnerabilities, strategic acquisitions, and coordinated law enforcement actions. These stories underscore the growing complexity and urgency of protecting critical infrastructure worldwide.
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory calling on Fortinet customers to secure internet-facing FortiGate appliances following a sweeping credential-compromise campaign codenamed FortiBleed. As of June 19, 2026, 86,644 devices across 194 countries have been confirmed compromised, with telecom, government, and education sectors most affected. CISA recommends resetting all Fortinet VPN and administrative passwords, enforcing PBKDF2-based credential storage, enabling phishing-resistant MFA, and reviewing firewall and authentication logs for suspicious activity.
Source: The Hacker News
Accenture Acquires Dragos, runZero, and NetRise in $4.1 Billion OT Cybersecurity Deal
Accenture announced a $4.1 billion deal to acquire a majority stake in Dragos and fully acquire runZero and NetRise, three leading OT cybersecurity firms. Together, they deliver approximately $208 million in annual recurring revenue, marking a 53% year-over-year increase. This acquisition signals a major move by professional services giants to dominate the OT security market amid escalating nation-state threats.
Source: AboutDFIR / InfoSec News Nuggets
UK GCHQ Chief Warns: 75% of 200+ Critical Infrastructure Cyber Incidents Linked to State Actors
Richard Horne, head of GCHQ’s National Cyber Security Centre, revealed that 75% of over 200 cyber incidents targeting UK critical infrastructure between June 2025 and May 2026 were linked to state actors from Russia, China, and Iran. He warned that adversaries are pre-positioning within critical technology to enable rapid exploitation and predicted AI-enabled cyberattacks against legacy OT systems by 2028. Horne called for urgent, coordinated action across all organizational levels to address these vulnerabilities.
Source: AOL News / The Guardian
Experts Warn of Critical ‘Mismatch’ in US Capacity to Respond to Large-Scale OT Cyberattacks
Security experts at the Critical Effect conference warned that the U.S. lacks sufficient incident response capacity for large-scale OT cyberattacks, with fewer than 1,000 responders focused specifically on OT worldwide. An attack affecting just one percent of U.S. community water systems could overwhelm global response capabilities, with cascading failures across power, water, hospital, and emergency services. Dragos CEO Rob Lee noted that Accenture’s recent acquisition will significantly enhance OT incident response resources.
Source: GovInfoSecurity
Operation Endgame Dismantles SocGholish Malware from Nearly 15,000 Compromised Sites
An international law enforcement coalition took down 106 servers and cleaned malware from 14,971 WordPress sites infected with SocGholish, malware operated by TA569 and linked to Evil Corp. SocGholish uses obfuscated JavaScript to deliver fake browser updates that drop ransomware and remote access tools. Dutch authorities indicated this takedown is the start of a broader campaign against SocGholish, signaling ongoing coordinated efforts to disrupt this threat.
Source: AboutDFIR / InfoSec News Nuggets
Staying informed on OT and ICS security developments is essential as threats evolve rapidly and impact critical infrastructure worldwide. We encourage all professionals to remain vigilant and proactive in safeguarding these vital systems.